From patchwork Fri Feb 11 18:11:00 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Heinrich Schuchardt X-Patchwork-Id: 1591758 X-Patchwork-Delegate: trini@ti.com Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: bilbo.ozlabs.org; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.a=rsa-sha256 header.s=badeba3b8450 header.b=NtwPw6Oq; dkim-atps=neutral Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=lists.denx.de (client-ip=2a01:238:438b:c500:173d:9f52:ddab:ee01; helo=phobos.denx.de; envelope-from=u-boot-bounces@lists.denx.de; receiver=) Received: from phobos.denx.de (phobos.denx.de [IPv6:2a01:238:438b:c500:173d:9f52:ddab:ee01]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by bilbo.ozlabs.org (Postfix) with ESMTPS id 4JwMBM1wvxz9s0r for ; Sat, 12 Feb 2022 05:11:21 +1100 (AEDT) Received: from h2850616.stratoserver.net (localhost [IPv6:::1]) by phobos.denx.de (Postfix) with ESMTP id 620FF83839; Fri, 11 Feb 2022 19:11:08 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=fail (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=u-boot-bounces@lists.denx.de Authentication-Results: phobos.denx.de; dkim=pass (1024-bit key; secure) header.d=gmx.net header.i=@gmx.net header.b="NtwPw6Oq"; dkim-atps=neutral Received: by phobos.denx.de (Postfix, from userid 109) id 899AD836A9; Fri, 11 Feb 2022 19:11:06 +0100 (CET) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on phobos.denx.de X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED, DKIM_VALID,FREEMAIL_FROM,RCVD_IN_MSPIKE_H2,SPF_HELO_NONE,SPF_PASS, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.2 Received: from mout.gmx.net (mout.gmx.net [212.227.15.18]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) (No client certificate requested) by phobos.denx.de (Postfix) with ESMTPS id 1E903836A9 for ; Fri, 11 Feb 2022 19:11:03 +0100 (CET) Authentication-Results: phobos.denx.de; dmarc=pass (p=none dis=none) header.from=gmx.de Authentication-Results: phobos.denx.de; spf=pass smtp.mailfrom=xypron.glpk@gmx.de DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1644603061; bh=2ABxYq53EqdS+riB4crCSFTyldg1O+ooVl56SL0jPzw=; h=X-UI-Sender-Class:Date:To:Cc:From:Subject; b=NtwPw6OqRUd+cMbuQ03gOta8tI+kaj8+q8sgIt7VXt1aHEKWId4J798J1mGmrBvWv 2gt1zahiEkaWBafHfpaZc4dmxkupyQeBmi9X7zAs7McYbto+GHTCDqpgtD54VcXAXw rrlXjuoIiXiJIbbKR1Al/2SIqx1BD1rxdwjk3QH4= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from [192.168.123.55] ([88.152.144.107]) by mail.gmx.net (mrgmx004 [212.227.17.190]) with ESMTPSA (Nemesis) id 1MC34h-1nSjO42L3l-00CSAk; Fri, 11 Feb 2022 19:11:01 +0100 Message-ID: <5046580c-e3ed-28fb-297b-1432d49bd621@gmx.de> Date: Fri, 11 Feb 2022 19:11:00 +0100 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.5.1 Content-Language: en-US To: Tom Rini Cc: Ilias Apalodimas , U-Boot Mailing List , AKASHI Takahiro From: Heinrich Schuchardt Subject: Pull request for efi-2022-04-rc2-3 X-Provags-ID: V03:K1:Rdpx6MXhNJhb08BIVR0lR27PXzE0FyuB0ZMwgf3C4iP+B0AYph/ 96y6zyhdAI+ESngh1O6iHO0EjTTcWbefi03cYOY0PNVGYnCuWENqyLh8ULKneaN8EXK6B2R 4tVsCSwTm8l3yrvkauZxaxougxIzh3K1FuvyrZHZtGgYZBSPwqnIkdFZ1CBpftqS/yxaqBY hfOtiIuyJ+pbXUbD5sgow== X-UI-Out-Filterresults: notjunk:1;V03:K0:OCpKUugywbw=:ftqRRHNX0BrmTnASFakRpY oimCApocOtWYG/7uYMMD4mxO6i5sUr1KCJknDjnpD/En6EpmOj7fTK9DZJkz+swZNAmlYcH/8 2cBgiHNmRQChZPeCd0OOj2UEQDzT71YRksaNyQFGIKuEPfSV4gLsCOpegofyOahW4RgE9kV/L vXXGTci6JDadw+dGxEh6BGCl4+CaMJyhhk74ldIfWP5ahF3RpIh06Sk/bm9TThFCfnxIoqgbR Zev3185UAEcD3kvJr27nvl4VFRBFDdLXB1iJMm/1M/iYVMJl67kvOrZh4c0ldE58ZVl+Mgg74 bgg1y4BxVN8fYGcv4m07U3Awnsy77OpUdf5I5Tgzp1ypdF4emoLdLws7wPf53N6K8LTqzMymH 7SlnYp11vU1v1MamHePl9txo4EHdfqKnmQpGsqWG1huRXn746hQ7U+XStPekmQpKfZ416o3+l yQypl1+3t8QGkndeD596LxcdBVh2+wphIEKeWnwgudgJSa8r+xpRuDgU2BRf2XmAqmkYzbIjG sURPqv8vIcEM22qGc7SW9V2W4qaxrkb6KN6mdHZp7PsY22rSg6ZjOgf0heU3d8y0z3qbJTtmw SfsfR8wB6m8zDxyKH4KBL9VndNOLGVUFcPCGi0GBVOz79hZqSmLDxFC+U+ZQfp0phNQbfhmjI AU31kCUneZvD885Pfq6sOXxotGw0ann4B0Ziccpv8ANq282XmFv2QaIwfsuasHJGjtJ1pxSaG iUW//pWGIC/nK3SuZQkgi8WcBE6sa0owfhFsJCkLt8NmeQevyJa/tRNF6IIcYQ4omevHEXjjt PaA7MS3nfrYtzv0Mt/BKTq+wBfHObtPallDQ+ECFAR4l5LwtnHcwpezNRkRUBha5u6djolwQi U6mOrJZ8JsuRd+MupyC3h/80Ux94ltHkDqHTC8oBU4xrCpOY7vqA1R5CyxQyDrzT9OKdMrpKd 9h2/GWYLBW9qfCkKk7p3VFx5wp+jvwvVC1eok6aeaVbYiqmIIHbpG1cMFzmryd6pCRT6EdcCp CDiDPT2hmjGm87rWTlnUsqJI1EOwokAzxgBizUArDvxxb/qmdFpIYFwZr9HzuSthJiXclzhjc wE6yCplBX6Wo6o= X-BeenThere: u-boot@lists.denx.de X-Mailman-Version: 2.1.39 Precedence: list List-Id: U-Boot discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: u-boot-bounces@lists.denx.de Sender: "U-Boot" X-Virus-Scanned: clamav-milter 0.103.5 at phobos.denx.de X-Virus-Status: Clean Dear Tom, The following changes since commit fe203a05fb663fa9bc42a9ef9ae51a6ed01a4a90: Merge branch '2022-02-10-platform-updates' (2022-02-10 17:38:04 -0500) are available in the Git repository at: https://source.denx.de/u-boot/custodians/u-boot-efi.git tags/efi-2022-04-rc2-3 for you to fetch changes up to 8c5ed53328712894c19b8b60101b6248358e7dea: test/py: efi_secboot: adjust secure boot tests to code changes (2022-02-11 18:14:49 +0100) Gitlab CI showed no problems: https://source.denx.de/u-boot/custodians/u-boot-efi/-/pipelines/10971 ---------------------------------------------------------------- Pull request for efi-2022-04-rc2-3 Documentation: * mkeficapsule man-page UEFI changes: * add support for signing images to mkeficapsule * add support for user define capsule GUID * adjust unit tests for capsules * fix UEFI image signature validation in case of multiple signatures ---------------------------------------------------------------- AKASHI Takahiro (10): CI: enforce packages upgrade for Msys2 on Windows tools: build mkeficapsule with tools-only_defconfig tools: mkeficapsule: add firmware image signing tools: mkeficapsule: add man page doc: update UEFI document for usage of mkeficapsule test/py: efi_capsule: add image authentication test tools: mkeficapsule: allow for specifying GUID explicitly test/py: efi_capsule: align with the syntax change of mkeficapsule test/py: efi_capsule: add a test for "--guid" option test/py: efi_capsule: check the results in case of CAPSULE_AUTHENTICATE Ilias Apalodimas (2): efi_loader: fix dual signed image certification test/py: efi_secboot: adjust secure boot tests to code changes .azure-pipelines.yml | 5 +- MAINTAINERS | 1 + configs/tools-only_defconfig | 1 + doc/develop/uefi/uefi.rst | 151 +++---- doc/mkeficapsule.1 | 111 +++++ lib/efi_loader/efi_image_loader.c | 88 +--- test/py/tests/test_efi_capsule/capsule_defs.py | 5 + test/py/tests/test_efi_capsule/conftest.py | 59 ++- test/py/tests/test_efi_capsule/signature.dts | 10 + .../test_efi_capsule/test_capsule_firmware.py | 91 +++- .../test_capsule_firmware_signed.py | 254 ++++++++++++ test/py/tests/test_efi_secboot/test_signed.py | 30 +- tools/Kconfig | 8 + tools/Makefile | 4 +- tools/eficapsule.h | 115 ++++++ tools/mkeficapsule.c | 459 ++++++++++++++++++--- 16 files changed, 1179 insertions(+), 213 deletions(-) create mode 100644 doc/mkeficapsule.1 create mode 100644 test/py/tests/test_efi_capsule/signature.dts create mode 100644 test/py/tests/test_efi_capsule/test_capsule_firmware_signed.py create mode 100644 tools/eficapsule.h