Update Certificate for UEFI Capsule update #1653
Unanswered
Red-Dragon-99
asked this question in
Q&A
Replies: 2 comments
-
|
Hi @Red-Dragon-99 |
Beta Was this translation helpful? Give feedback.
0 replies
-
|
I think what you are looking for can be found here: https://github.com/tianocore/edk2/tree/master/BaseTools/Source/Python/Pkcs7Sign |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi,
I would like to enable OTA updates on a Secureboot-enabled (i.e. fused) Jetson Orin Nano.
I fused SBK/PKC/etc .. using the following XML:
When I boot the device, I see that secureboot is enabled (MB2 prints "RSA PSS signature check: OK") and Linux boots nicely ("EFI stub: UEFI Secure Boot is enabled").
However, when triggering capsule updates they fail with the next reboot and the device stays on the current boot slot.
Surfing through the code, I realized that in tegra-uefi-capsule-signing.class some certificates must be specified:
I just don't understand how they are derived. Is there any documentation on that? There are no helpful comments in the class file and the NVIDIA documentation just mentions these test files. There is no explanation on how to create your own files. I assume they are somehow related to the keys in the EKB?
Any help is appreciated!
Regards
Stefan
Beta Was this translation helpful? Give feedback.
All reactions