From patchwork Fri Jun 16 11:34:22 2023
X-Patchwork-Submitter: Stefan Herbrechtsmeier
X-Patchwork-Id: 1795866
X-Patchwork-Delegate: xypron.glpk@gmx.de
From: Stefan Herbrechtsmeier
To: u-boot@lists.denx.de
Cc: Malte Schmidt, Sughosh Ganu, Malte Schmidt, Stefan Herbrechtsmeier, Heinrich Schuchardt, Ilias Apalodimas
Subject: [PATCH 1/5] mkeficapsule: constify function parameters
Date: Fri, 16 Jun 2023 13:34:22 +0200
Message-Id: <20230616113426.13976-2-stefan.herbrechtsmeier-oss@weidmueller.com>
In-Reply-To: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
References: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
From: Malte Schmidt

Use const keyword for function parameters where appropriate.

Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/mkeficapsule.c | 27 ++++++++++++++++-----------
1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index 52be1f122e..b8db00b16b 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -88,8 +88,8 @@ static void print_usage(void) * are filled in by create_auth_data(). */ struct auth_context { - char *key_file; - char *cert_file; + const char *key_file; + const char *cert_file; uint8_t *image_data; size_t image_size; struct efi_firmware_image_authentication auth; @@ -112,7 +112,7 @@ static int dump_sig; * * 0 - on success * * -1 - on failure */ -static int read_bin_file(char *bin, uint8_t **data, off_t *bin_size) +static int read_bin_file(const char *bin, uint8_t **data, off_t *bin_size) { FILE *g; struct stat bin_stat; @@ -170,7 +170,8 @@ err: * * 0 - on success * * -1 - on failure */ -static int write_capsule_file(FILE *f, void *data, size_t size, const char *msg) +static int write_capsule_file(FILE *f, const void *data, size_t size, + const char *msg) { size_t size_written; 
@@ -343,7 +344,8 @@ static int create_auth_data(struct auth_context *ctx) * * 0 - on success * * -1 - on failure */ -static int dump_signature(const char *path, uint8_t *signature, size_t sig_size) +static int dump_signature(const char *path, const uint8_t *signature, + size_t sig_size) { char *sig_path; FILE *f; @@ -402,10 +404,12 @@ static void free_sig_data(struct auth_context *ctx) * * 0 - on success * * -1 - on failure */ -static int create_fwbin(char *path, char *bin, efi_guid_t *guid, - unsigned long index, unsigned long instance, - struct fmp_payload_header_params *fmp_ph_params, - uint64_t mcount, char *privkey_file, char *cert_file, +static int create_fwbin(const char *path, const char *bin, + const efi_guid_t *guid, unsigned long index, + unsigned long instance, + const struct fmp_payload_header_params *fmp_ph_params, + uint64_t mcount, + const char *privkey_file, const char *cert_file, uint16_t oemflags) { struct efi_capsule_header header; @@ -604,7 +608,8 @@ void convert_uuid_to_guid(unsigned char *buf) buf[7] = c; } -static int create_empty_capsule(char *path, efi_guid_t *guid, bool fw_accept) +static int create_empty_capsule(const char *path, const efi_guid_t *guid, + bool fw_accept) { struct efi_capsule_header header = { 0 }; FILE *f = NULL; 
@@ -666,7 +671,7 @@ int main(int argc, char **argv) unsigned long index, instance; uint64_t mcount; unsigned long oemflags; - char *privkey_file, *cert_file; + const char *privkey_file, *cert_file; int c, idx; struct fmp_payload_header_params fmp_ph_params = { 0 };
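Review bot: In the struct auth_context hunk, image_data stays uint8_t * while key_file and cert_file become const char *. If create_auth_data() only reads the image buffer, declare it const uint8_t *image_data as well, so the struct documents that signing never modifies the payload. The commit message says "where appropriate" without saying why image_data was left out; one line on that would save the next reader the check.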
From patchwork Fri Jun 16 11:34:23 2023
X-Patchwork-Submitter: Stefan Herbrechtsmeier
X-Patchwork-Id: 1795870
X-Patchwork-Delegate: xypron.glpk@gmx.de
From: Stefan Herbrechtsmeier
To: u-boot@lists.denx.de
Cc: Malte Schmidt, Sughosh Ganu, Malte Schmidt, Stefan Herbrechtsmeier, Etienne Carriere, Heinrich Schuchardt, Ilias Apalodimas, Masahisa Kojima
Subject: [PATCH 2/5] mkeficapsule: add support for multiple payloads inside capsule
Date: Fri, 16 Jun 2023 13:34:23 +0200
Message-Id: <20230616113426.13976-3-stefan.herbrechtsmeier-oss@weidmueller.com>
In-Reply-To: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
References: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
From: Malte Schmidt

The UEFI [1] specification allows multiple payloads inside the capsule body. Add support for this. The command line arguments are kept backwards-compatible.

[1] https://uefi.org/specs/UEFI/2.10/index.html

Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
---
tools/eficapsule.h | 5 -
tools/mkeficapsule.c | 636 ++++++++++++++++++++++++++++++++-----------
2 files changed, 475 insertions(+), 166 deletions(-)

diff --git a/tools/eficapsule.h b/tools/eficapsule.h index 753fb73313..001af3217c 100644 --- a/tools/eficapsule.h +++ b/tools/eficapsule.h @@ -138,9 +138,4 @@ struct fmp_payload_header { uint32_t lowest_supported_version; }; -struct fmp_payload_header_params { - bool have_header; - uint32_t fw_version; -}; - #endif /* _EFI_CAPSULE_H */ diff --git a/tools/mkeficapsule.c b/tools/mkeficapsule.c index b8db00b16b..1a4de0f092 100644 --- a/tools/mkeficapsule.c +++ b/tools/mkeficapsule.c @@ -29,7 +29,7 @@ static const char *tool_name = "mkeficapsule"; efi_guid_t efi_guid_fm_capsule = EFI_FIRMWARE_MANAGEMENT_CAPSULE_ID_GUID; efi_guid_t efi_guid_cert_type_pkcs7 = EFI_CERT_TYPE_PKCS7_GUID; -static const char *opts_short = "g:i:I:v:p:c:m:o:dhAR"; +static const char *opts_short = "g:i:b:I:v:p:c:m:o:dhAR"; enum { CAPSULE_NORMAL_BLOB = 0, @@ -40,6 +40,7 @@ enum { static struct option options[] = { {"guid", required_argument, NULL, 'g'}, {"index", required_argument, NULL, 'i'}, + {"image_blob", required_argument, NULL, 'b'}, {"instance", required_argument, NULL, 'I'}, {"fw-version", required_argument, NULL, 'v'}, {"private-key", required_argument, NULL, 'p'}, 
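Review bot: The new -b/--image_blob entry in opts_short and options[] has no documentation outside print_usage(): the diffstat for this patch lists only tools/eficapsule.h and tools/mkeficapsule.c. Add the documentation update for the option and for the comma-separated list syntax here, or name the patch in the series that carries it. On naming, the entries next to it in options[] use hyphens (fw-version, private-key), so --image-blob would be the more consistent spelling.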
@@ -55,21 +56,22 @@ static struct option options[] = { static void print_usage(void) { - fprintf(stderr, "Usage: %s [options] \n" + fprintf(stderr, "Usage: %s [options] [] \n" "Options:\n" - "\t-g, --guid guid for image blob type\n" - "\t-i, --index update image index\n" - "\t-I, --instance update hardware instance\n" - "\t-v, --fw-version firmware version\n" - "\t-p, --private-key private key file\n" - "\t-c, --certificate signer's certificate file\n" - "\t-m, --monotonic-count monotonic count\n" - "\t-d, --dump_sig dump signature (*.p7)\n" - "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" - "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" - "\t-o, --capoemflag Capsule OEM Flag, an integer between 0x0000 and 0xffff\n" - "\t-h, --help print a help message\n", + "\t-g, --guid comma-separated list of guids for image blob types\n" + "\t-i, --index comma-separated list of update image indices\n" + "\t-b, --image_blob comma-separated list of image blobs\n" + "\t-I, --instance comma-separated list of update hardware instances\n" + "\t-v, --fw-version comma-separated list of firmware versions\n" + "\t-p, --private-key private key file\n" + "\t-c, --certificate signer's certificate file\n" + "\t-m, --monotonic-count comma-separated list of monotonic counts\n" + "\t-d, --dump_sig dump signature (*.p7)\n" + "\t-A, --fw-accept firmware accept capsule, requires GUID, no image blob\n" + "\t-R, --fw-revert firmware revert capsule, takes no GUID, no image blob\n" + "\t-o, --capoemflag capsule OEM Flag, an integer between 0x0000 and 0xffff\n" + "\t-h, --help print a help message\n", tool_name); } 
@@ -336,16 +338,18 @@ static int create_auth_data(struct auth_context *ctx) * @path: Path to a capsule file * @signature: Signature data * @sig_size: Size of signature data + * @index: The payload index the signature belongs to * * Signature data pointed to by @signature will be saved into - * a file whose file name is @path with ".p7" suffix. + * a file whose file name is @path with "_.p7" suffix. + * If index is negative the suffix is ".p7" (for backwards compatibility). * * Return: * * 0 - on success * * -1 - on failure */ static int dump_signature(const char *path, const uint8_t *signature, - size_t sig_size) + size_t sig_size, int index) { char *sig_path; FILE *f; @@ -356,7 +360,11 @@ static int dump_signature(const char *path, const uint8_t *signature, if (!sig_path) return ret; - sprintf(sig_path, "%s.p7", path); + if (index < 0) + sprintf(sig_path, "%s.p7", path); + else + sprintf(sig_path, "%s_%d.p7", path, index); + f = fopen(sig_path, "w"); if (!f) goto err; @@ -386,14 +394,15 @@ static void free_sig_data(struct auth_context *ctx) /** * create_fwbin - create an uefi capsule file * @path: Path to a created capsule file - * @bin: Path to a firmware binary to encapsulate - * @guid: GUID of related FMP driver - * @index: Index number in capsule + * @bins: Paths to firmware binaries to encapsulate, an array + * @guids: GUIDs of related FMP drivers, an array + * @indices: Index numbers in capsule, an array * @instance: Instance number in capsule * @mcount: Monotonic count in authentication information + * @size: Size of the arrays * @private_file: Path to a private key file * @cert_file: Path to a certificate file - * @oemflags: Capsule OEM Flags, bits 0-15 + * @oemflags: Capsule OEM Flags, bits 0-15 * * This function actually does the job of creating an uefi capsule file. * All the arguments must be supplied. 
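Review bot: The new sprintf(sig_path, "%s_%d.p7", path, index) in dump_signature() writes more bytes than the "%s.p7" form it replaces, but the allocation of sig_path is not touched: it sits between the two dump_signature() hunks (after "FILE *f;" and before "if (!sig_path)") and neither hunk changes it. Unless that buffer already has room for the underscore and the decimal digits of index, this is a heap write past the end of the allocation. Size the buffer for the longest suffix and switch both branches to snprintf() with that size, checking the return value for truncation.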
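Review bot: The kernel-doc block for create_fwbin() is only partly updated. It still lists @instance, @mcount and @private_file, while the new signature in the next hunk takes instances, mcounts and privkey_file, and there is no @fw_versions entry at all. Rename the entries to match the parameters and add @fw_versions, noting that a NULL pointer means no FMP payload header is inserted, since that is what the "if (fw_versions)" test in the body implements.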
@@ -404,78 +413,87 @@ static void free_sig_data(struct auth_context *ctx) * * 0 - on success * * -1 - on failure */ -static int create_fwbin(const char *path, const char *bin, - const efi_guid_t *guid, unsigned long index, - unsigned long instance, - const struct fmp_payload_header_params *fmp_ph_params, - uint64_t mcount, - const char *privkey_file, const char *cert_file, - uint16_t oemflags) +static int create_fwbin(const char *path, const char **bins, + const efi_guid_t *guids, const unsigned long *indices, + const unsigned long *instances, + const unsigned long *fw_versions, const unsigned long *mcounts, + int size, const char *privkey_file, + const char *cert_file, uint16_t oemflags) { struct efi_capsule_header header; struct efi_firmware_management_capsule_header capsule; - struct efi_firmware_management_capsule_image_header image; - struct auth_context auth_context; + struct efi_firmware_management_capsule_image_header images[size]; + struct auth_context auth_contexts[size]; FILE *f; - uint8_t *data, *new_data, *buf; - off_t bin_size; - uint64_t offset; + uint8_t *data_list[size], *new_data_list[size], *buf_list[size]; + off_t bin_sizes[size]; + uint64_t offsets[size]; int ret; - struct fmp_payload_header payload_header; + struct fmp_payload_header payload_headers[size]; #ifdef DEBUG fprintf(stderr, "For output: %s\n", path); - fprintf(stderr, "\tbin: %s\n\ttype: %pUl\n", bin, guid); - fprintf(stderr, "\tindex: %lu\n\tinstance: %lu\n", index, instance); + for (int i = 0; i < size; i++) { + fprintf(stderr, "\tpayload no: %d\n", i); + fprintf(stderr, "\t\tbin: %s\n\t\ttype: %pUl\n", bins[i], guids[i]); + fprintf(stderr, "\t\tindex: %lu\n\t\tinstance: %lu\n", indices[i], instances[i]); + } #endif - auth_context.sig_size = 0; f = NULL; - data = NULL; - new_data = NULL; ret = -1; - /* - * read a firmware binary - */ - if (read_bin_file(bin, &data, &bin_size)) - goto err; + for (int i = 0; i < size; i++) { + auth_contexts[i].sig_size = 0; + data_list[i] = NULL; + 
new_data_list[i] = NULL; + } - buf = data; + for (int i = 0; i < size; i++) { + int dump_index = (size == 1) ? -1 : i; - /* insert fmp payload header right before the payload */ - if (fmp_ph_params->have_header) { - new_data = malloc(bin_size + sizeof(payload_header)); - if (!new_data) + /* + * read a firmware binary + */ + if (read_bin_file(bins[i], &data_list[i], &bin_sizes[i])) goto err; - payload_header.signature = FMP_PAYLOAD_HDR_SIGNATURE; - payload_header.header_size = sizeof(payload_header); - payload_header.fw_version = fmp_ph_params->fw_version; - payload_header.lowest_supported_version = 0; /* not used */ - memcpy(new_data, &payload_header, sizeof(payload_header)); - memcpy(new_data + sizeof(payload_header), data, bin_size); - buf = new_data; - bin_size += sizeof(payload_header); - } - - /* first, calculate signature to determine its size */ - if (privkey_file && cert_file) { - auth_context.key_file = privkey_file; - auth_context.cert_file = cert_file; - auth_context.auth.monotonic_count = mcount; - auth_context.image_data = buf; - auth_context.image_size = bin_size; - - if (create_auth_data(&auth_context)) { - fprintf(stderr, "Signing firmware image failed\n"); - goto err; + buf_list[i] = data_list[i]; + /* insert fmp payload header right before the payload */ + if (fw_versions) { + new_data_list[i] = malloc(bin_sizes[i] + sizeof(payload_headers[i])); + if (!new_data_list[i]) + goto err; + + payload_headers[i].signature = FMP_PAYLOAD_HDR_SIGNATURE; + payload_headers[i].header_size = sizeof(payload_headers[i]); + payload_headers[i].fw_version = fw_versions[i]; + payload_headers[i].lowest_supported_version = 0; /* not used */ + memcpy(new_data_list[i], (payload_headers + i), sizeof(payload_headers[i])); + memcpy(new_data_list[i] + sizeof(payload_headers[i]), data_list[i], + bin_sizes[i]); + buf_list[i] = new_data_list[i]; + bin_sizes[i] += sizeof(payload_headers[i]); } - if (dump_sig && - dump_signature(path, auth_context.sig_data, - 
auth_context.sig_size)) { - fprintf(stderr, "Creating signature file failed\n"); - goto err; + /* calculate signature to determine its size */ + if (privkey_file && cert_file) { + auth_contexts[i].key_file = privkey_file; + auth_contexts[i].cert_file = cert_file; + auth_contexts[i].auth.monotonic_count = mcounts[i]; + auth_contexts[i].image_data = buf_list[i]; + auth_contexts[i].image_size = bin_sizes[i]; + + if (create_auth_data(&auth_contexts[i])) { + fprintf(stderr, "Signing firmware image failed\n"); + goto err; + } + + if (dump_sig && + dump_signature(path, auth_contexts[i].sig_data, + auth_contexts[i].sig_size, dump_index)) { + fprintf(stderr, "Creating signature file failed\n"); + goto err; + } } } 
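Review bot: mcounts[i] is dereferenced unconditionally inside the "if (privkey_file && cert_file)" branch of create_fwbin(), whereas fw_versions is NULL-checked before use. Check mcounts the same way or document that it must be non-NULL when signing. The types also narrow: the old parameter was uint64_t mcount and the removed struct fmp_payload_header_params carried uint32_t fw_version, but both arrays are now const unsigned long *, which is 32 bits wide on some hosts and wider than the firmware version field on others. Use uint64_t and uint32_t arrays so the values written into the capsule do not depend on the build host. Separately, images[size], auth_contexts[size] and the other per-payload arrays are variable-length arrays on the stack with no bound on size in this function; a checked heap allocation would fail cleanly instead.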
@@ -498,81 +516,87 @@ static int create_fwbin(const char *path, const char *bin, if (oemflags) header.flags |= oemflags; header.capsule_image_size = sizeof(header) - + sizeof(capsule) + sizeof(uint64_t) - + sizeof(image) - + bin_size; - if (auth_context.sig_size) - header.capsule_image_size += sizeof(auth_context.auth) - + auth_context.sig_size; + + sizeof(capsule) + + size * sizeof(uint64_t); /* size of item_offset_list */ + for (int i = 0; i < size; i++) { + offsets[i] = header.capsule_image_size - sizeof(header); + header.capsule_image_size += sizeof(images[i]) + + bin_sizes[i]; + if (auth_contexts[i].sig_size) + header.capsule_image_size += sizeof(auth_contexts[i].auth) + + auth_contexts[i].sig_size; + } if (write_capsule_file(f, &header, sizeof(header), "Capsule header")) goto err; /* * firmware capsule header - * This capsule has only one firmware capsule image. */ capsule.version = 0x00000001; capsule.embedded_driver_count = 0; - capsule.payload_item_count = 1; + capsule.payload_item_count = size; if (write_capsule_file(f, &capsule, sizeof(capsule), "Firmware capsule header")) goto err; - offset = sizeof(capsule) + sizeof(uint64_t); - if (write_capsule_file(f, &offset, sizeof(offset), - "Offset to capsule image")) + if (write_capsule_file(f, &offsets, size * sizeof(uint64_t), + "Offsets to capsule images")) goto err; - /* - * firmware capsule image header - */ - image.version = 0x00000003; - memcpy(&image.update_image_type_id, guid, sizeof(*guid)); - image.update_image_index = index; - image.reserved[0] = 0; - image.reserved[1] = 0; - image.reserved[2] = 0; - image.update_image_size = bin_size; - if (auth_context.sig_size) - image.update_image_size += sizeof(auth_context.auth) - + auth_context.sig_size; - image.update_vendor_code_size = 0; /* none */ - image.update_hardware_instance = instance; - image.image_capsule_support = 0; - if (auth_context.sig_size) - image.image_capsule_support |= CAPSULE_SUPPORT_AUTHENTICATION; - if (write_capsule_file(f, &image, 
sizeof(image), - "Firmware capsule image header")) - goto err; - - /* - * signature - */ - if (auth_context.sig_size) { - if (write_capsule_file(f, &auth_context.auth, - sizeof(auth_context.auth), - "Authentication header")) + for (int i = 0; i < size; i++) { + /* + * firmware capsule image header + */ + images[i].version = 0x00000003; + memcpy(&images[i].update_image_type_id, &guids[i], sizeof(guids[i])); + images[i].update_image_index = indices[i]; + images[i].reserved[0] = 0; + images[i].reserved[1] = 0; + images[i].reserved[2] = 0; + images[i].update_image_size = bin_sizes[i]; + if (auth_contexts[i].sig_size) + images[i].update_image_size += sizeof(auth_contexts[i].auth) + + auth_contexts[i].sig_size; + images[i].update_vendor_code_size = 0; /* none */ + images[i].update_hardware_instance = instances[i]; + images[i].image_capsule_support = 0; + if (auth_contexts[i].sig_size) + images[i].image_capsule_support |= CAPSULE_SUPPORT_AUTHENTICATION; + if (write_capsule_file(f, &images[i], sizeof(images[i]), + "Firmware capsule image header")) goto err; - if (write_capsule_file(f, auth_context.sig_data, - auth_context.sig_size, "Signature")) + /* + * signature + */ + if (auth_contexts[i].sig_size) { + if (write_capsule_file(f, &auth_contexts[i].auth, + sizeof(auth_contexts[i].auth), + "Authentication header")) + goto err; + + if (write_capsule_file(f, auth_contexts[i].sig_data, + auth_contexts[i].sig_size, "Signature")) + goto err; + } + + /* + * firmware binary + */ + if (write_capsule_file(f, buf_list[i], bin_sizes[i], "Firmware binary")) goto err; } - /* - * firmware binary - */ - if (write_capsule_file(f, buf, bin_size, "Firmware binary")) - goto err; - ret = 0; err: if (f) fclose(f); - free_sig_data(&auth_context); - free(data); - free(new_data); + for (int i = 0; i < size; i++) { + free_sig_data(&auth_contexts[i]); + free(data_list[i]); + free(new_data_list[i]); + } return ret; } 
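Review bot: capsule.payload_item_count = size stores an int that create_fwbin() never range-checks, and the same value drives "size * sizeof(uint64_t)" for the offset table and for header.capsule_image_size. Reject a non-positive count, or one that does not fit the header field, before anything is written to the file. As a style point, write_capsule_file(f, &offsets, ...) passes a pointer to the whole array; offsets (or &offsets[0]) has the same address and matches the element-count arithmetic in the size argument.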
@@ -652,6 +676,228 @@ err: return ret; } +/** + * count_items - count number of items in list + * @list: Pointer to a string + * @separator: Separator used to separate list items + * + * Count the number of items in a list. The list items + * are separated by a separator character inside the string. + * Trailing white spaces are not allowed except if it is the separator. + * + * Return: + * The item count. + */ +int count_items(const char *list, char separator) +{ + const char *c; + int count = 0; + + if (!*list) + return 0; + + for (c = list; *c; c++) { + if (*c == separator) + count++; + } + /* correct count if no trailing separator present */ + if (*(c - 1) != separator) + count++; + + return count; +} + +/** + * update_itemcount - update item count + * @count: The count to be updated + * @list: The item list + * @separator: List separator + * + * Initialize the count if it is uninitialized (negative value). + * Check that the list contains at least one item. + * Check if an already initialized count is consistent with the list count. + * + * Return: + * * 0 - on success + * * -1 - if a check fails + */ +int update_itemcount(int *count, const char *list, char separator) +{ + int current_count = count_items(list, separator); + + if (*count < 0) + *count = current_count; + + if (*count == 0 || + *count != current_count) + return -1; + + return 0; +} + +/** + * split_list - split list into elements + * @elements: Pointer to string array + * @size: The array size + * @list: The item list + * @separator: List separator + * + * Split a comma-separated list into its elements. 
+ * + * Return: + * * 0 - on success + * * -1 - on failure + */ +int split_list(char **elements, int size, char *list, char separator) +{ + const char separator_str[] = {separator, '\0'}; + char *end; + + for (int i = 0; i < size; i++) { + elements[i] = strsep(&list, separator_str); + if (!elements[i]) + return -1; + } + + end = strsep(&list, separator_str); /* NULL or empty string expected */ + if (end && *end) + return -1; + + return 0; +} + +/** + * alloc_array - allocate memory for array + * @count: The number of elements + * @obj_size: The size of a single element + * @name: The name of the array + * + * This is a wrapper for malloc which prints an error + * message on failure. + * + * Return: + * * Pointer to the allocated memory on success + * * NULL on failure + */ +void *alloc_array(unsigned int count, size_t obj_size, const char *name) +{ + void *array; + + array = malloc(count * obj_size); + if (!array) + fprintf(stderr, "Could not allocate memory for %s\n", name); + + return array; +} + +/** + * init_guids - populate guid array + * @elements: String array of elements to be converted + * @size: The array size + * @name: The name of the array + * + * Allocate and populate an array of guid structs. The list contains the UUIDs + * to convert and store in the array. Upon failure an error message is + * printed. 
+ * + * Return: + * * The initialized GUID array on success + * * NULL on failure + */ +efi_guid_t *init_guids(const char **elements, unsigned int size, + const char *name) +{ + efi_guid_t *guids; + + guids = alloc_array(size, sizeof(efi_guid_t), name); + if (!guids) + return NULL; + + for (int i = 0; i < size; i++) { + if (uuid_parse(elements[i], (unsigned char *)(guids + i))) { + fprintf(stderr, "Wrong %s format\n", name); + free(guids); + return NULL; + } + convert_uuid_to_guid((unsigned char *)(guids + i)); + } + + return guids; +} + +/** + * init_uls - populate unsigned long array + * @elements: String array of elements to be converted + * @size: The array size + * @name: The name of the array + * + * Allocate and populate an array of unsgined longs. Upon failure an + * error message is printed. + * + * Return: + * * The initialized array on success + * * NULL on failure + */ +unsigned long *init_uls(const char **elements, unsigned int size, + const char *name) +{ + unsigned long *array; + + array = alloc_array(size, sizeof(unsigned long), name); + if (!array) + return NULL; + for (int i = 0; i < size; i++) + array[i] = strtoul(elements[i], NULL, 0); + + return array; +} + +/** + * init_list - parse list and allocate elements + * @listcount: The list count to be checked and updated + * @list: The list to be parsed + * @separator: The list separator + * @name: The name of the list + * @multiple_times: List encountered multiple times + * + * Routine for command line argument lists. + * Parse the string list and count the list elements. + * Initialize the listcount if it is uninitialized (negative value). + * Check that the list contains at least one item. + * Check if an already initialized count is consistent with the list count. + * Allocate the string array and populate it with the list elements. + * The array should be freed in the calling function. + * Upon failure an error message is printed and the program exits. 
+ * + * Return: + * * The initialized array on success + * * NULL on failure + */ +char **init_list(int *listcount, char *list, char separator, + bool multiple_times, char *name) +{ + char **elements; + + if (multiple_times) { + fprintf(stderr, "%s specified multiple times\n", name); + return NULL; + } + if (update_itemcount(listcount, list, separator)) { + fprintf(stderr, "List count not consistent with previous or list not provided\n"); + return NULL; + } + elements = alloc_array(*listcount, sizeof(char *), name); + if (!elements) + return NULL; + if (split_list(elements, *listcount, list, separator)) { + fprintf(stderr, "Could not parse %s list\n", name); + free(elements); + return NULL; + } + + return elements; +} + /** * main - main entry function of mkeficapsule * @argc: Number of arguments @@ -666,24 +912,27 @@ err: */ int main(int argc, char **argv) { - efi_guid_t *guid; - unsigned char uuid_buf[16]; - unsigned long index, instance; - uint64_t mcount; + const char separator = ','; + const efi_guid_t *guids; /* an array */ + const unsigned long *indices, *instances, *mcounts, *fw_versions; /* arrays */ unsigned long oemflags; + const char **blob_paths, **elements; /* string arrays */ const char *privkey_file, *cert_file; - int c, idx; - struct fmp_payload_header_params fmp_ph_params = { 0 }; + int listcount, c, idx; - guid = NULL; - index = 0; - instance = 0; - mcount = 0; + guids = NULL; + indices = NULL; + instances = NULL; + mcounts = NULL; + oemflags = 0; + blob_paths = NULL; privkey_file = NULL; cert_file = NULL; + elements = NULL; + listcount = -1; + fw_versions = NULL; dump_sig = 0; capsule_type = CAPSULE_NORMAL_BLOB; - oemflags = 0; for (;;) { c = getopt_long(argc, argv, opts_short, options, &idx); if (c == -1) 
@@ -691,27 +940,62 @@ int main(int argc, char **argv) switch (c) { case 'g': - if (guid) { - fprintf(stderr, - "Image type already specified\n"); + elements = (const char **)init_list(&listcount, optarg, separator, !!guids, + "GUID"); + if (!elements) exit(EXIT_FAILURE); - } - if (uuid_parse(optarg, uuid_buf)) { - fprintf(stderr, "Wrong guid format\n"); + + guids = init_guids(elements, listcount, "GUID"); + if (!guids) exit(EXIT_FAILURE); - } - convert_uuid_to_guid(uuid_buf); - guid = (efi_guid_t *)uuid_buf; + + free(elements); + elements = NULL; break; case 'i': - index = strtoul(optarg, NULL, 0); + elements = (const char **)init_list(&listcount, optarg, separator, + !!indices, "index"); + if (!elements) + exit(EXIT_FAILURE); + + indices = init_uls(elements, listcount, "index"); + if (!indices) + exit(EXIT_FAILURE); + + free(elements); + elements = NULL; + break; + case 'b': + blob_paths = (const char **)init_list(&listcount, optarg, separator, + !!blob_paths, "blob path"); + if (!blob_paths) + exit(EXIT_FAILURE); break; case 'I': - instance = strtoul(optarg, NULL, 0); + elements = (const char **)init_list(&listcount, optarg, separator, + !!instances, "instance"); + if (!elements) + exit(EXIT_FAILURE); + + instances = init_uls(elements, listcount, "instance"); + if (!instances) + exit(EXIT_FAILURE); + + free(elements); + elements = NULL; break; case 'v': - fmp_ph_params.fw_version = strtoul(optarg, NULL, 0); - fmp_ph_params.have_header = true; + elements = (const char **)init_list(&listcount, optarg, separator, + !!fw_versions, "firmware version"); + if (!elements) + exit(EXIT_FAILURE); + + fw_versions = init_uls(elements, listcount, "firmware version"); + if (!fw_versions) + exit(EXIT_FAILURE); + + free(elements); + elements = NULL; break; case 'p': if (privkey_file) { 
@@ -730,7 +1014,17 @@ int main(int argc, char **argv) cert_file = optarg; break; case 'm': - mcount = strtoul(optarg, NULL, 0); + elements = (const char **)init_list(&listcount, optarg, separator, + !!mcounts, "monotonic count"); + if (!elements) + exit(EXIT_FAILURE); + + mcounts = init_uls(elements, listcount, "monotonic count"); + if (!mcounts) + exit(EXIT_FAILURE); + + free(elements); + elements = NULL; break; case 'd': dump_sig = 1; 
@@ -767,26 +1061,46 @@ int main(int argc, char **argv) /* check necessary parameters */ if ((capsule_type == CAPSULE_NORMAL_BLOB && - ((argc != optind + 2) || !guid || - ((privkey_file && !cert_file) || - (!privkey_file && cert_file)))) || + (!((argc != optind + 2) ^ !(blob_paths && argc == optind + 1)) || !guids || + ((privkey_file && !cert_file) || + (!privkey_file && cert_file)))) || (capsule_type != CAPSULE_NORMAL_BLOB && - ((argc != optind + 1) || - ((capsule_type == CAPSULE_ACCEPT) && !guid) || - ((capsule_type == CAPSULE_REVERT) && guid)))) { + ((argc != optind + 1) || + ((capsule_type == CAPSULE_ACCEPT) && !guids) || + ((capsule_type == CAPSULE_ACCEPT) && listcount != 1) || + ((capsule_type == CAPSULE_REVERT) && guids)))) { print_usage(); exit(EXIT_FAILURE); } + /* populate blob_paths if image blob was provided as positional argument */ + if (capsule_type == CAPSULE_NORMAL_BLOB && !blob_paths) { + blob_paths = malloc(sizeof(char *)); + if (!blob_paths) { + fprintf(stderr, "Could not allocate memory for blob paths\n"); + exit(EXIT_FAILURE); + } + *blob_paths = argv[argc - 2]; + } + + /* populate arrays with zeros if they are not provided */ + if (!indices) + indices = calloc(listcount, sizeof(unsigned long)); + if (!instances) + instances = calloc(listcount, sizeof(unsigned long)); + if (!mcounts) + mcounts = calloc(listcount, sizeof(uint64_t)); + if (capsule_type != CAPSULE_NORMAL_BLOB) { - if (create_empty_capsule(argv[argc - 1], guid, + if (create_empty_capsule(argv[argc - 1], guids, capsule_type == CAPSULE_ACCEPT) < 0) { fprintf(stderr, "Creating empty capsule failed\n"); exit(EXIT_FAILURE); } - } else if (create_fwbin(argv[argc - 1], argv[argc - 2], guid, - index, instance, &fmp_ph_params, mcount, privkey_file, - cert_file, (uint16_t)oemflags) < 0) { + } else if (create_fwbin(argv[argc - 1], blob_paths, guids, + indices, instances, fw_versions, + mcounts, listcount, privkey_file, + cert_file, (uint16_t)oemflags) < 0) { fprintf(stderr, "Creating firmware 
capsule failed\n"); exit(EXIT_FAILURE); }
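Review bot: in the create_fwbin() hunk (@@ -498,81 +516,87 @@), `write_capsule_file(f, &offsets, size * sizeof(uint64_t), ...)` is only correct if offsets is declared as a real array in this function; if it is a pointer returned by an allocator, `&offsets` writes the bytes of the pointer variable (and reads past it once size > 1) instead of the offset table. Passing plain `offsets` is right in both cases. The same hunk accumulates header.capsule_image_size and offsets[i] over every image header, authentication header, signature and binary without an overflow check, so please compute the total in a wide type and fail before anything is written if it no longer fits the header field. The cleanup loop under err: frees data_list[i] and new_data_list[i] for all i < size, which is safe only if those arrays are zero-initialised before the first `goto err`; the declarations are not part of this hunk, so this is worth confirming.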
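Review bot: in the helper hunk (@@ -652,6 +676,228 @@), init_uls() calls `strtoul(elements[i], NULL, 0)` with no end pointer or errno check, so an empty or non-numeric element, such as the middle item of `1,,2`, silently becomes 0 for an index, instance, firmware version or monotonic count. count_items() and split_list() both accept empty elements, so nothing upstream catches it. Suggest parsing with an endptr, rejecting empty strings, trailing characters and ERANGE, and reporting it the way init_guids() does with "Wrong %s format". alloc_array() computes `malloc(count * obj_size)` unchecked and returns uninitialised memory; `calloc(count, obj_size)` gives both the overflow check and the zeroing. Smaller points: the new helpers should be static, the loops compare `int i` against `unsigned int size`, and the init_list() kernel-doc lists @name before @multiple_times and says the program exits on failure while the function returns NULL.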
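Review bot: in the option-parsing hunks of main() (@@ -691,27 +940,62 @@ and @@ -730,7 +1014,17 @@), the init_list() / init_uls() / free(elements) sequence is repeated verbatim for -i, -I, -v and -m, which makes it easy for one copy to drift; a small helper taking the destination pointer and the list name would leave one place to get the error handling right. The `(const char **)` casts are only needed because init_list() takes `char *name` and returns `char **` while every caller passes a string literal and stores into a const pointer; making the name parameter `const char *` and settling on one constness for the element array would remove them.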
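Review bot: in the parameter-check hunk of main() (@@ -767,26 +1061,46 @@), the positional-blob fallback allocates blob_paths with room for exactly one pointer but never checks listcount == 1, so `--guid A,B` with a single positional image calls create_fwbin() with a one-element blob_paths and a size of 2. Please reject listcount != 1 on that path. The XOR test `!((argc != optind + 2) ^ !(blob_paths && argc == optind + 1))` also passes when -b is given together with a positional image (argc == optind + 2), in which case the positional file is silently ignored; spelling out the two valid shapes explicitly would be easier to read and would catch this. The three calloc() results for indices, instances and mcounts are not checked, they also run for the empty-capsule types where listcount can still be -1, and mcounts is sized with sizeof(uint64_t) although it is declared as `unsigned long *`.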
From: Stefan Herbrechtsmeier
To: u-boot@lists.denx.de
Cc: Malte Schmidt, Sughosh Ganu, Malte Schmidt, Stefan Herbrechtsmeier, Heinrich Schuchardt, Ilias Apalodimas
Subject: [PATCH 3/5] test: efi_capsule: test a capsule update containing multiple images
Date: Fri, 16 Jun 2023 13:34:24 +0200
Message-Id: <20230616113426.13976-4-stefan.herbrechtsmeier-oss@weidmueller.com>
In-Reply-To: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
References: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>

From: Malte Schmidt

Test updating U-Boot and the U-Boot environment with a single capsule. This test also checks that the mkeficapsule tool builds a capsule containing both images to update correctly. Testing of a signed and an unsigned image is implemented.

Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier --- test/py/tests/test_efi_capsule/conftest.py | 18 +++++++- .../test_capsule_firmware_raw.py | 46 ++++++++++++++++--- .../test_capsule_firmware_signed_raw.py | 24 ++++++++-- 3 files changed, 77 insertions(+), 11 deletions(-) diff --git a/test/py/tests/test_efi_capsule/conftest.py b/test/py/tests/test_efi_capsule/conftest.py index 054be1ee97..7acafb8599 100644 --- a/test/py/tests/test_efi_capsule/conftest.py +++ b/test/py/tests/test_efi_capsule/conftest.py @@ -124,6 +124,12 @@ def efi_capsule_data(request, u_boot_config): '--guid 3673B45D-6A7C-46F3-9E60-ADABB03F7937 uboot_bin_env.itb Test105' % (data_dir, u_boot_config.build_dir), shell=True) + check_call('cd %s; %s/tools/mkeficapsule --index 1,2 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8,5A7021F5-FEF2-48B4-AABA-832E777418C0 ' + '-b u-boot.bin.new,u-boot.env.new ' + 'Test106' % + (data_dir, u_boot_config.build_dir), + shell=True) if capsule_auth_enabled: # raw firmware signed with proper key @@ -205,7 +211,17 @@ def efi_capsule_data(request, u_boot_config): 'uboot_bin_env.itb Test115' % (data_dir, u_boot_config.build_dir), shell=True) - + # multiple raw firmwares with proper key + check_call('cd %s; %s/tools/mkeficapsule --index 1,2 ' + '--monotonic-count 1,2 ' + '--private-key SIGNER.key ' + '--certificate SIGNER.crt ' + '--fw-version 5,10 ' + '--guid 09D7CF52-0720-4710-91D1-08469B7FE9C8,5A7021F5-FEF2-48B4-AABA-832E777418C0 ' + '-b u-boot.bin.new,u-boot.env.new ' + 'Test116' + % (data_dir, u_boot_config.build_dir), + shell=True) # Create a disk image with EFI system partition check_call('virt-make-fs --partition=gpt --size=+1M --type=vfat %s %s' % (mnt_point, image_path), shell=True) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py index 80d791e3de..627b93b337 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py 
+++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_raw.py @@ -105,12 +105,27 @@ class TestEfiCapsuleFirmwareRaw: def test_efi_capsule_fw3( self, u_boot_config, u_boot_console, efi_capsule_data): """ Test Case 3 - Update U-Boot on SPI Flash, raw image format + Update U-Boot and U-Boot environment, raw image format, two separate capsules + 0x100000-0x150000: U-Boot binary (but dummy) + """ + self.efi_capsule_fw3_common(u_boot_config, u_boot_console, efi_capsule_data, "3", ['Test01', 'Test02']) + + def test_efi_capsule_fw3_multi( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 3-multi + Update U-Boot and U-Boot environment, raw image format, one capsule + 0x100000-0x150000: U-Boot binary (but dummy) + """ + self.efi_capsule_fw3_common(u_boot_config, u_boot_console, efi_capsule_data, "3-multi", ['TODO!']) + + def efi_capsule_fw3_common(self, u_boot_config, u_boot_console, efi_capsule_data, test_case_no, capsule_files): + """ Test Case + Update U-Boot and U-Boot environment, raw image format 0x100000-0x150000: U-Boot binary (but dummy) """ disk_img = efi_capsule_data - capsule_files = ['Test01', 'Test02'] - with u_boot_console.log.section('Test Case 3-a, before reboot'): + + with u_boot_console.log.section('Test Case %s-a, before reboot' % test_case_no): setup(u_boot_console, disk_img, '0x0000000000000004') init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') @@ -124,7 +139,7 @@ class TestEfiCapsuleFirmwareRaw: # reboot u_boot_console.restart_uboot(expect_reset = capsule_early) - with u_boot_console.log.section('Test Case 3-b, after reboot'): + with u_boot_console.log.section('Test Case %s-b, after reboot' % test_case_no): if not capsule_early: exec_manual_update(u_boot_console, disk_img, capsule_files) 
@@ -147,6 +162,7 @@ class TestEfiCapsuleFirmwareRaw: expected = 'u-boot-env:Old' if capsule_auth else 'u-boot-env:New' verify_content(u_boot_console, '150000', expected) + def test_efi_capsule_fw4( self, u_boot_config, u_boot_console, efi_capsule_data): """ Test Case 4 @@ -154,9 +170,25 @@ class TestEfiCapsuleFirmwareRaw: 0x100000-0x150000: U-Boot binary (but dummy) 0x150000-0x200000: U-Boot environment (but dummy) """ + self.efi_capsule_fw4_common(u_boot_config, u_boot_console, efi_capsule_data, '4', ['Test101', 'Test102']) + + def test_efi_capsule_fw4_multi( + self, u_boot_config, u_boot_console, efi_capsule_data): + """ Test Case 4-multi + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version, one capsule + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ + self.efi_capsule_fw4_common(u_boot_config, u_boot_console, efi_capsule_data, '4-multi', ['Test106']) + + def efi_capsule_fw4_common(self, u_boot_config, u_boot_console, efi_capsule_data, test_case_no, capsule_files): + """ Test Case + Update U-Boot on SPI Flash, raw image format with fw_version and lowest_supported_version + 0x100000-0x150000: U-Boot binary (but dummy) + 0x150000-0x200000: U-Boot environment (but dummy) + """ disk_img = efi_capsule_data - capsule_files = ['Test101', 'Test102'] - with u_boot_console.log.section('Test Case 4-a, before reboot'): + with u_boot_console.log.section('Test Case %s-a, before reboot' % test_case_no): setup(u_boot_console, disk_img, '0x0000000000000004') init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old') 
@@ -169,7 +201,7 @@ class TestEfiCapsuleFirmwareRaw: 'config_efi_capsule_on_disk_early') capsule_auth = u_boot_config.buildconfig.get( 'config_efi_capsule_authenticate') - with u_boot_console.log.section('Test Case 4-b, after reboot'): + with u_boot_console.log.section('Test Case %s-b, after reboot' % test_case_no): if not capsule_early: exec_manual_update(u_boot_console, disk_img, capsule_files) diff --git a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py index ad2b1c6324..1624311f00 100644 --- a/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py +++ b/test/py/tests/test_efi_capsule/test_capsule_firmware_signed_raw.py 
@@ -125,12 +125,30 @@ class TestEfiCapsuleFirmwareSignedRaw(): """Test Case 4 - Update U-Boot on SPI Flash, raw image format with version information 0x100000-0x150000: U-Boot binary (but dummy) + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + self.efi_capsule_auth4_common(u_boot_config, u_boot_console, efi_capsule_data, '4', ['Test111', 'Test112']) + + def test_efi_capsule_auth4_multi( + self, u_boot_config, u_boot_console, efi_capsule_data): + """Test Case 4-multi - Update U-Boot on SPI Flash, raw image format with version information, one capsule + 0x100000-0x150000: U-Boot binary (but dummy) + + If the capsule is properly signed, the authentication + should pass and the firmware be updated. + """ + self.efi_capsule_auth4_common(u_boot_config, u_boot_console, efi_capsule_data, '4-multi', ['Test116']) + + def efi_capsule_auth4_common(self, u_boot_config, u_boot_console, efi_capsule_data, test_case_no, capsule_files): + """Test Case - Update U-Boot on SPI Flash, raw image format with version information + 0x100000-0x150000: U-Boot binary (but dummy) + If the capsule is properly signed, the authentication should pass and the firmware be updated. """ disk_img = efi_capsule_data - capsule_files = ['Test111', 'Test112'] - with u_boot_console.log.section('Test Case 4-a, before reboot'): + with u_boot_console.log.section('Test Case %s-a, before reboot' % test_case_no): setup(u_boot_console, disk_img, '0x0000000000000004') init_content(u_boot_console, '100000', 'u-boot.bin.old', 'Old') place_capsule_file(u_boot_console, capsule_files) 
@@ -139,7 +157,7 @@ class TestEfiCapsuleFirmwareSignedRaw(): capsule_early = u_boot_config.buildconfig.get( 'config_efi_capsule_on_disk_early') - with u_boot_console.log.section('Test Case 4-b, after reboot'): + with u_boot_console.log.section('Test Case %s-b, after reboot' % test_case_no): if not capsule_early: exec_manual_update(u_boot_console, disk_img, capsule_files)
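Review bot: in conftest.py (@@ -124,6 +124,12 @@), Test106 is generated without --fw-version, yet test_efi_capsule_fw4_multi, which consumes it, is documented as covering fw_version and lowest_supported_version; either pass `--fw-version 5,10` as the Test116 command does or adjust that test's description and expectations. The @@ -205,7 +211,17 @@ hunk also drops the blank line that separated the capsule generation from the `# Create a disk image` comment, which is an unrelated whitespace change.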
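Review bot: in test_capsule_firmware_raw.py (@@ -105,12 +105,27 @@), test_efi_capsule_fw3_multi passes `['TODO!']` as capsule_files, a placeholder rather than a capsule generated in conftest.py, so the test cannot exercise a multi-image update as submitted; add the matching mkeficapsule call and name its output here, or leave the test out until it exists. The docstrings of the fw3 tests now mention the U-Boot environment but still list only the 0x100000-0x150000 region, and the docstrings of the shared helpers begin with a bare "Test Case". The @@ -147,6 +162,7 @@ hunk adds a stray second blank line before test_efi_capsule_fw4.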
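Review bot: in test_capsule_firmware_signed_raw.py (@@ -125,12 +125,30 @@), the shared efi_capsule_auth4_common body still initialises only 0x100000 with u-boot.bin.old, so for Test116 the visible setup gives no baseline from which to tell whether the second image (u-boot.env.new) was written. For the one-capsule variant, initialise the environment region as the unsigned tests do with `init_content(u_boot_console, '150000', 'u-boot.env.old', 'Old')` and verify it after the update; the Test Case 4-multi docstring should then list the 0x150000-0x200000 region as well.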
From: Stefan Herbrechtsmeier
To: u-boot@lists.denx.de
Cc: Malte Schmidt, Sughosh Ganu, Malte Schmidt, Stefan Herbrechtsmeier, Heinrich Schuchardt, Ilias Apalodimas
Subject: [PATCH 4/5] doc: uefi: update mkeficapsule documentation
Date: Fri, 16 Jun 2023 13:34:25 +0200
Message-Id: <20230616113426.13976-5-stefan.herbrechtsmeier-oss@weidmueller.com>
In-Reply-To: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
References: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
From: Malte Schmidt

mkeficapsule now supports multiple blobs. Update the documentation accordingly.

Although the image blob can still be specified as positional parameter for backwards compatibility, remove it from the documentation to discourage its usage.

Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
--- doc/develop/uefi/uefi.rst | 31 +++++++++++++++++++++---------- 1 file changed, 21 insertions(+), 10 deletions(-) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index 6626ceec52..b513934d31 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst @@ -304,6 +304,7 @@ Creating a capsule file *********************** A capsule file can be created by using tools/mkeficapsule. +A capsule file can contain multiple images to update. To build this tool, enable:: CONFIG_TOOLS_MKEFICAPSULE=y @@ -314,10 +315,14 @@ Run the following command .. code-block:: console $ mkeficapsule \ - --index --instance 0 \ - --guid \ + --index \ + --instance \ + --guid \ + --image_blob \ +The list entries must be comma-separated. + The UEFI specification does not define the firmware versioning mechanism. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version,
@@ -337,14 +342,16 @@ add --fw-version option in mkeficapsule tool. .. code-block:: console $ mkeficapsule \ - --index --instance 0 \ - --guid \ - --fw-version 5 \ + --index \ + --instance \ + --guid \ + --fw-version \ If the --fw-version option is not set, FMP Payload Header is not inserted and fw_version is set as 0. + Performing the update ********************* @@ -465,9 +472,11 @@ following command can be issued .. code-block:: bash $ ./tools/mkeficapsule \ - --index 0x3 --instance 0 \ + --index 0x3 \ + --instance 0 \ --guid c1b629f1-ce0e-4894-82bf-f0a38387e630 \ - optee.bin optee.capsule + --image_blob optee.bin \ + optee.capsule Enabling Capsule Authentication 
@@ -509,9 +518,11 @@ and used by the steps highlighted below. $ mkeficapsule --monotonic-count 1 \ --private-key CRT.key \ --certificate CRT.crt \ - --index 1 --instance 0 \ - [--fit | --raw | --guid + --index 1 \ + --instance 0 \ + [--fit | --raw | --guid ] \ + --image_blob \ + 4. Insert the signature list into a device tree in the following format::
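Review bot: The sentence added after the first console example in the @@ -314 hunk of [PATCH 4/5], "The list entries must be comma-separated.", does not say which options take lists or how the entries pair up. Suggest naming --index, --instance, --guid and --image_blob explicitly, stating that the n-th entry of each list describes the same image, and documenting what the tool does when the lists differ in length, so a reader can tell whether a mismatch is rejected or silently pairs a blob with the wrong GUID or index. It is also worth a word on why --image_blob uses an underscore while --fw-version, --private-key and --monotonic-count in the same file use hyphens.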
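Review bot: The --fw-version example in the @@ -337 hunk of [PATCH 4/5] gains --index, --instance and --guid lines but, in the lines shown, no --image_blob line, while the other three examples touched by this patch each add one and the commit message says the positional form is no longer documented. Suggest adding the --image_blob line here as well, and saying whether --fw-version takes one value for all images or a list. The hunk also adds a second blank line before "Performing the update", which looks unintended.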
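Review bot: The signing example in the @@ -509 hunk of [PATCH 4/5] still uses single values (--index 1, --instance 0) and keeps the [--fit | --raw | --guid ] alternative, so it does not show how authentication behaves for a multi-image capsule. Suggest stating whether --private-key, --certificate and --monotonic-count apply to every listed image, and whether --fit and --raw can be combined with list arguments. Readers setting up capsule authentication need to be able to confirm that no image in a multi-image capsule is left unsigned.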
From: Stefan Herbrechtsmeier
To: u-boot@lists.denx.de
Cc: Malte Schmidt, Sughosh Ganu, Malte Schmidt, Stefan Herbrechtsmeier, Heinrich Schuchardt, Ilias Apalodimas
Subject: [PATCH 5/5] doc: uefi: clarify capsule concept
Date: Fri, 16 Jun 2023 13:34:26 +0200
Message-Id: <20230616113426.13976-6-stefan.herbrechtsmeier-oss@weidmueller.com>
In-Reply-To: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
References: <20230616113426.13976-1-stefan.herbrechtsmeier-oss@weidmueller.com>
From: Malte Schmidt

There seems to be some misused or inaccurate namings regarding the capsule concept. Set the naming straight and add a table showing the naming conventions. This table is based on the images found in chapter 23 of the UEFI 2.10 specifications [1]. The table should help to build a common understanding between the authors and readers of the documentation.

[1] https://uefi.org/specs/UEFI/2.10/index.html

Signed-off-by: Malte Schmidt
Signed-off-by: Stefan Herbrechtsmeier
--- doc/develop/uefi/uefi.rst | 42 ++++++++++++++++++++++++++++++++++++--- 1 file changed, 39 insertions(+), 3 deletions(-) diff --git a/doc/develop/uefi/uefi.rst b/doc/develop/uefi/uefi.rst index b513934d31..56188c5b10 100644 --- a/doc/develop/uefi/uefi.rst +++ b/doc/develop/uefi/uefi.rst
@@ -300,6 +300,42 @@ not present are ignored when determining the active boot option. Please note that capsules will be applied in the alphabetic order of capsule file names. +Structure of a capsule file +*************************** + +The strucutre of a firmware management capsule as defined in [1] is shown +below. The tools/mkeficapsule program supports creating firmware management +capsules with multiple payloads and optionally with firmware image +authentication. + +.. code-block:: text + + +-------------------------------------------------------------------------+ + | EFI_CAPSULE_HEADER | + +--------------+----------------------------------------------------------+ + | Capsule Body | EFI_FIRMWARE_MANAGEMENT_CAPSULE_HEADER | + | +----------------------------------------------------------+ + | | Optional Driver 1 | + | +----------------------------------------------------------+ + | | Optional Driver 2 | + | +----------------------------------------------------------+ + | | ... | + | +-----------+----------------------------------------------+ + | | Payload 1 | EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER | + | | +----------------------------------------------+ + | | | Firmware Image Authentication (optional) | + | | +----------------------------------------------+ + | | | Dependency Expression (optional) | + | | +----------------------------------------------+ + | | | Firmware Image | + | +-----------+----------------------------------------------+ + | | Payload 2 | + | +----------------------------------------------------------+ + | | ... | + | +----------------------------------------------------------+ + | | Payload n | + +--------------+----------------------------------------------------------+ + Creating a capsule file *********************** 
@@ -482,9 +518,9 @@ following command can be issued Enabling Capsule Authentication ******************************* -The UEFI specification defines a way of authenticating the capsule to -be updated by verifying the capsule signature. The capsule signature -is computed and prepended to the capsule payload at the time of +The UEFI specification defines a way of authenticating the capsule payload +to be updated by verifying the signature of each capsule payload. The payload +signature is computed and prepended to the capsule payload at the time of capsule generation. This signature is then verified by using the public key stored as part of the X509 certificate. This certificate is in the form of an efi signature list (esl) file, which is embedded in
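Review bot: Typo in the first added paragraph of the @@ -300 hunk of [PATCH 5/5]: "strucutre" should be "structure". The same sentence cites "[1]", but the hunk adds no link target for it; the UEFI 2.10 URL appears only in the commit message, so the rendered page would carry a reference the reader cannot follow. Suggest an inline reST link to chapter 23 of the specification. Since the commit message says the aim is to set the naming straight, a one-line definition of "payload" versus "firmware image" under the diagram would make the intended terms explicit.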
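Review bot: The reworded paragraph in the @@ -482 hunk of [PATCH 5/5] says the payload signature is "prepended to the capsule payload", but the diagram added earlier in this patch places "Firmware Image Authentication (optional)" inside each payload, after EFI_FIRMWARE_MANAGEMENT_CAPSULE_IMAGE_HEADER and before the firmware image. Suggest wording it as prepended to the firmware image within the payload, and stating explicitly which parts of the capsule the per-payload signature covers, so readers do not assume the capsule headers or optional drivers are authenticated as well. The first sentence also uses "capsule payload" twice and could be tightened.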