#
6984077d |
|
10-Oct-2023 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
tools: mkeficapsule: Add support to print capsule headers Add support to dump the contents of capsule headers. This is useful as a debug feature for checking the contents of the capsule headers, and can also be used in capsule verification. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> |
#
8e21064c |
|
11-Jul-2023 |
Tom Rini <trini@konsulko.com> |
Merge tag 'efi-2023-07-rc7' of https://source.denx.de/u-boot/custodians/u-boot-efi Pull request efi-2023-07-rc7 Documentation: * Fix links to Linux kernel documentation UEFI: * Fix memory leak in efidebug dh subcommand * Fix underflow when calculating remaining variable store size * Increase default variable store size to 64 KiB * mkeficapsule: fix efi_firmware_management_capsule_header data type
|
#
e05a4b12 |
|
16-Jun-2023 |
Malte Schmidt <malte.schmidt@weidmueller.com> |
mkeficapsule: fix efi_firmware_management_capsule_header data type The data type of item_offset_list shall be UINT64 according to the UEFI [1] specifications. In include/efi_api.h the correct data type is used. The bug was probably never noticed because of little endianness. [1] https://uefi.org/specs/UEFI/2.10/index.html Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com> Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com> |
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> |
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
8e21064c |
|
11-Jul-2023 |
Tom Rini <trini@konsulko.com> |
Merge tag 'efi-2023-07-rc7' of https://source.denx.de/u-boot/custodians/u-boot-efi Pull request efi-2023-07-rc7 Documentation: * Fix links to Linux kernel documentation UEFI: * Fix memory leak in efidebug dh subcommand * Fix underflow when calculating remaining variable store size * Increase default variable store size to 64 KiB * mkeficapsule: fix efi_firmware_management_capsule_header data type
|
#
e05a4b12 |
|
16-Jun-2023 |
Malte Schmidt <malte.schmidt@weidmueller.com> |
mkeficapsule: fix efi_firmware_management_capsule_header data type The data type of item_offset_list shall be UINT64 according to the UEFI [1] specifications. In include/efi_api.h the correct data type is used. The bug was probably never noticed because of little endianness. [1] https://uefi.org/specs/UEFI/2.10/index.html Signed-off-by: Malte Schmidt <malte.schmidt@weidmueller.com> Signed-off-by: Stefan Herbrechtsmeier <stefan.herbrechtsmeier@weidmueller.com> |
#
000806f7 |
|
06-Jun-2023 |
Masahisa Kojima <masahisa.kojima@linaro.org> |
mkeficapsule: add FMP Payload Header Current mkeficapsule tool does not provide firmware version management. EDK II reference implementation inserts the FMP Payload Header right before the payload. It coutains the fw_version and lowest supported version. This commit adds a new parameters required to generate the FMP Payload Header for mkeficapsule tool. '-v' indicates the firmware version. When mkeficapsule tool is invoked without '-v' option, FMP Payload Header is not inserted, the behavior is same as current implementation. The lowest supported version included in the FMP Payload Header is not used, the value stored in the device tree is used instead. Signed-off-by: Masahisa Kojima <masahisa.kojima@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> |
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
6da9271a |
|
21-Oct-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Add support for generating empty capsules The Dependable Boot specification[1] describes the structure of the firmware accept and revert capsules. These are empty capsules which are used for signalling the acceptance or rejection of the updated firmware by the OS. Add support for generating these empty capsules. [1] - https://git.codelinaro.org/linaro/dependable-boot/mbfw/uploads/6f7ddfe3be24e18d4319e108a758d02e/mbfw.pdf Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> Acked-by: Etienne Carriere <etienne.carriere@linaro.org> |
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
2eda55e4 |
|
14-Apr-2022 |
Sughosh Ganu <sughosh.ganu@linaro.org> |
mkeficapsule: Remove raw and FIT GUID types While building a capsule, the GUID value of that specific image is to be passed through the --guid command option to the mkeficapsule tool instead of using one of --raw or --fit options, where the GUID value passed through the command line option is the image GUID. This renders the EFI_FIRMWARE_IMAGE_TYPE_UBOOT_FIT_GUID and EFI_FIRMWARE_IMAGE_TYPE_UBOOT_RAW_GUID values superfluous. Remove the --raw and --fit command line options as well. Also modify the mkeficapsule man page to reflect this change. Signed-off-by: Sughosh Ganu <sughosh.ganu@linaro.org> |
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |
#
16abff24 |
|
09-Feb-2022 |
AKASHI Takahiro <takahiro.akashi@linaro.org> |
tools: mkeficapsule: add firmware image signing With this enhancement, mkeficapsule will be able to sign a capsule file when it is created. A signature added will be used later in the verification at FMP's SetImage() call. To do that, we need specify additional command parameters: -monotonic-cout <count> : monotonic count -private-key <private key file> : private key file -certificate <certificate file> : certificate file Only when all of those parameters are given, a signature will be added to a capsule file. Users are expected to maintain and increment the monotonic count at every time of the update for each firmware image. Signed-off-by: AKASHI Takahiro <takahiro.akashi@linaro.org> Reviewed-by: Simon Glass <sjg@chromium.org> Acked-by: Ilias Apalodimas <ilias.apalodimas@linaro.org> |