diff options
| author | Wojciech Dubowik <[email protected]> | 2026-02-20 10:15:11 +0100 |
|---|---|---|
| committer | Simon Glass <[email protected]> | 2026-03-18 06:14:17 -0600 |
| commit | 0c716a157be460006a4b762625de329b5e36dbf9 (patch) | |
| tree | 0fd9bfd4213ff35d31587d6b83e625ed8ff5d1c6 /include/linux | |
| parent | 4d17632b9a2866695a312e049f94aa386145bafa (diff) | |
tools: mkeficapsule: Add support for pkcs11
With pkcs11 support it's now possible to specify keys
with URI format. To use this feature the filename must
begin "pkcs11:.." and have valid URI pointing to certificate
and private key in HSM.
The environment variable PKCS11_MODULE_PATH must point to the
right pkcs11 provider i.e. with softhsm:
export PKCS11_MODULE_PATH=<path>/libsofthsm2.so
Example command line:
tools/mkeficapsule --monotonic-count 1 \
--private-key "pkcs11:token=EX;object=capsule;type=private;pin-source=pin.txt" \
--certificate "pkcs11:token=EX;object=capsule;type=cert;pin-source=pin.txt" \
--index 1 \
--guid XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXX \
"capsule-payload" \
"capsule.cap"
Signed-off-by: Wojciech Dubowik <[email protected]>
Reviewed-by: Ilias Apalodimas <[email protected]>
Diffstat (limited to 'include/linux')
0 files changed, 0 insertions, 0 deletions