test: binman: Add test for pkcs11 signed capsule

Test pkcs11 URI support for UEFI capsule generation. Both public certificate and private key are used over pkcs11 protocol. Pkcs11-tool has been introduced as softhsm tool doesn't have functionality to import certificates in commonly distributed version (only in the latest). Signed-off-by: Wojciech Dubowik <[email protected]> Reviewed-by: Simon Glass <[email protected]>
author: Wojciech Dubowik <[email protected]> 2026-02-20 10:15:16 +0100
committer: Simon Glass <[email protected]> 2026-03-18 06:14:17 -0600
commit: e73443167be055c646dfd7d5a79bc30ac33e31d5 (patch)
tree: 1ec17cb80fc58b6cab471efc3243f9ec687ffd2a /tools/binman/test
parent: e2c46d33cfbb92f493b520524a099fdf9af0a056 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/tools/binman/test/capsule/signed_pkcs11.dts b/tools/binman/test/capsule/signed_pkcs11.dts
new file mode 100644
index 00000000000..bb87e18a15f
--- /dev/null
+++ b/tools/binman/test/capsule/signed_pkcs11.dts
@@ -0,0 +1,22 @@
+// SPDX-License-Identifier: GPL-2.0+
+
+/dts-v1/;
+
+/ {
+	binman {
+		efi-capsule {
+			image-index = <0x1>;
+			/* Image GUID for testing capsule update */
+			image-guid = "binman-test";
+			hardware-instance = <0x0>;
+			monotonic-count = <0x1>;
+			dump-signature;
+			private-key = "pkcs11:token=U-Boot%20token;object=test_key;type=private;pin-value=1111";
+			public-key-cert = "pkcs11:token=U-Boot%20token;object=test_cert;type=cert;pin-value=1111";
+
+			blob {
+				filename = "capsule_input.bin";
+			};
+		};
+	};
+};
author	Wojciech Dubowik <[email protected]>	2026-02-20 10:15:16 +0100
committer	Simon Glass <[email protected]>	2026-03-18 06:14:17 -0600
commit	e73443167be055c646dfd7d5a79bc30ac33e31d5 (patch)
tree	1ec17cb80fc58b6cab471efc3243f9ec687ffd2a /tools/binman/test
parent	e2c46d33cfbb92f493b520524a099fdf9af0a056 (diff)