Re: [PATCH 0/2] efi: Enhance capsule loader to support signed Quark images

From: Jan Kiszka
Date: Wed Feb 15 2017 - 14:00:15 EST

On 2017-02-15 19:50, Jan Kiszka wrote:
> On 2017-02-15 19:46, Andy Shevchenko wrote:
>> On Wed, Feb 15, 2017 at 8:14 PM, Jan Kiszka <jan.kiszka@xxxxxxxxxxx> wrote:
>>> See patch 2 for the background.
>>> Series has been tested on the Galileo Gen2, to exclude regressions, with
>>> a firmware.cap without security header and the SIMATIC IOT2040 which
>>> requires the header because of its mandatory secure boot.
>> Briefly looking to the code it looks like a real hack.
>> Sorry, but it would be carefully (re-)designed.
> The interface that the firmware provides us? That should have been done
> differently, I agree, but I'm not too much into those firmware details,
> specifically when it comes to signatures.
> The Linux code was designed around that suboptimal situation. If there
> are better ideas, I'm all ears.

Expanding CC's as requested by Andy.


Siemens AG, Corporate Technology, CT RDA ITP SES-DE
Corporate Competence Center Embedded Linux